Free UK shipping on orders over £30
Mawlo

Legal

Privacy policy

Last updated: 14 May 2026

1. Who we are

Mawlo ("we", "us", "our") is a UK-based cosmetics company. We are the data controller for personal data you share with us through this website. You can contact us at hello@mawlo.com.

2. What data we collect

When you visit, shop, subscribe, or contact us, we may collect:

  • Identity & contact data: name, billing and shipping address, email, phone number.
  • Order data: products purchased, order history, subscription preferences.
  • Payment data: processed securely by our payment provider (Stripe / PayPal). We do not store full card details.
  • Technical data: IP address, device and browser information, pages viewed, cookies.
  • Marketing preferences: whether you've opted in to our email newsletter and your interaction with it.

3. How we use your data

We use your data to:

  • Process and fulfil your orders and subscriptions.
  • Provide customer support and respond to enquiries.
  • Send transactional emails (order confirmations, shipping updates).
  • Send marketing emails, only if you have opted in. You can opt out anytime.
  • Improve our website, products, and customer experience.
  • Comply with our legal obligations (for example, tax and accounting records).

4. Legal basis

We process your personal data on one or more of the following legal bases: (a) the performance of a contract with you (for example, fulfilling your order); (b) your consent (for example, marketing emails or non-essential cookies); (c) our legitimate interests (for example, fraud prevention and improving our service); and (d) compliance with a legal obligation.

5. Sharing your data

We only share your data with trusted third parties who help us run our business, including: payment processors, shipping carriers, our email marketing platform, our analytics provider, and our customer support tools. We require all third parties to handle your data securely and only use it for the agreed purpose.

We do not sell your personal data to anyone.

6. International transfers

Some of our service providers may be based outside of the UK or EEA. When this is the case, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

7. How long we keep your data

We keep your personal data only for as long as necessary for the purposes set out in this policy, or as required by law (for example, financial records are kept for 6 years). Marketing data is kept until you withdraw consent.

8. Your rights

Under UK and EU GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Request erasure (the "right to be forgotten").
  • Restrict or object to processing.
  • Withdraw consent at any time.
  • Data portability.
  • Lodge a complaint with the UK's Information Commissioner's Office (ICO) or your local supervisory authority.

To exercise any of these rights, please email hello@mawlo.com.

9. Cookies

We use cookies and similar technologies to make the site work, remember your preferences, analyse traffic, and improve our marketing. You can manage cookies through our cookie banner and your browser settings.

10. Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page with a revised date at the top.